db1773d4d893fc155715bab87a74ee13daf7f2ab8330109f794b4520662cb6b5

General

Target

db1773d4d893fc155715bab87a74ee13daf7f2ab8330109f794b4520662cb6b5.dll
Size

2.0MB
MD5

c82e5ec1f5966dcedacca3f586d56688
SHA1

f2bbea2aeb5b348dff177d5351e7c499d6003a9d
SHA256

db1773d4d893fc155715bab87a74ee13daf7f2ab8330109f794b4520662cb6b5
SHA512

0fd19f49d76e2cbfd40858dcc1c22877a364af132b4da661eee61cf06569b9d2bbd8aaf6c9d3708e545fb23fd68c6e5d41898dae12d9ac7859b7ee52cfdf47e2

Score

8^/10

discovery persistence

Malware Config

Signatures

Blacklisted process makes network request 3 IoCs

Processes:

rundll32.exe

flow pid process

12 3800 rundll32.exe
13 3800 rundll32.exe
14 3800 rundll32.exe
Modifies AppInit DLL entries 2 TTPs
persistence

Registry Run Keys / Startup Folder
T1060

Modify Registry
T1112
Loads dropped DLL 4 IoCs

Processes:

rundll32.exerundll32.exe

pid process

2796 rundll32.exe
1464 rundll32.exe
1464 rundll32.exe
1464 rundll32.exe
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Drops file in Program Files directory 1 IoCs

Processes:

rundll32.exe

description ioc process

File created C:\Program Files (x86)\AppendFunc\AppendFunc.dll rundll32.exe

flow	pid	process
12	3800	rundll32.exe
13	3800	rundll32.exe
14	3800	rundll32.exe

pid	process
2796	rundll32.exe
1464	rundll32.exe
1464	rundll32.exe
1464	rundll32.exe

description	ioc	process
File created	C:\Program Files (x86)\AppendFunc\AppendFunc.dll	rundll32.exe

Modifies data under HKEY_USERS 53 IoCs

Processes:

rundll32.exe

description	ioc	process
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\_cf9b4eb5\00000000\370856c7 = 00000000	rundll32.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\_cf9b4eb5\eae10f9d\0c230bcb = "///%"	rundll32.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\_cf9b4eb5\eae10f9d\2e22d94e = "///%"	rundll32.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\_cf9b4eb5\eae10f9d\7f69fa1f = "///%"	rundll32.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\_cf9b4eb5\eae10f9d\d1abcdb6 = "///%"	rundll32.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}	rundll32.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\_cf9b4eb5\eae10f9d\0dc3ee96 = "/P////%%"	rundll32.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\_cf9b4eb5\eae10f9d\340d3099 = "/P////%%"	rundll32.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\_cf9b4eb5\eae10f9d\c6c5dd44 = "V/////%%"	rundll32.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\_cf9b4eb5	rundll32.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\_cf9b4eb5\00000000	rundll32.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\_cf9b4eb5\00000000\493c7345 = 690030003100650030003600380030006d0030003100540030003700620030006f00780031004f00300036006800300069006c0031002b0030003200490030006a00300031004a00300037004300300000006f0078003100530030003600710030006f0078003100530030003600680030006900300031004a0030003700300030006e00550031004e00300036006800300069003000310044003000370071003000700078003000530030003600680030006e006c0031004100300036004500300000000000	rundll32.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\_cf9b4eb5\eae10f9d\65114b36 = "VP/l////"	rundll32.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\_cf9b4eb5\eae10f9d\0e93c3f3 = "///%"	rundll32.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\_cf9b4eb5\eae10f9d\c5705860 = "Vx////%%"	rundll32.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\_cf9b4eb5\eae10f9d\c24899a6 = "VP/g/CV/Vl/2/Cx////%"	rundll32.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\_cf9b4eb5\eae10f9d\f1f24e29 = "Vl/l/C/////%"	rundll32.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\_cf9b4eb5\eae10f9d\f2c53c49 = "UlAr/XJ/c//k////"	rundll32.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\_cf9b4eb5\eae10f9d\48bd1aff = "V/////%%"	rundll32.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\_cf9b4eb5\eae10f9d\587b5709 = "V/////%%"	rundll32.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\_cf9b4eb5\eae10f9d\a0743acc = "N/////%%"	rundll32.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\_cf9b4eb5\eae10f9d\c99a5f5c = "///%"	rundll32.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\_cf9b4eb5\eae10f9d\f6ad6fa6 = "V/////%%"	rundll32.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\_cf9b4eb5	rundll32.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\_cf9b4eb5\iiid = "1"	rundll32.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\_cf9b4eb5\eae10f9d\414bc593 = "///%"	rundll32.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\_cf9b4eb5\eae10f9d\1c311243 = "HPAj/XF/HPAj/Xt/c/A3/Y//alAg/Xt/c/Ap/YF/GP/j/Yx/dPA4////"	rundll32.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\_cf9b4eb5\eae10f9d\8b9e4cbc = "V/////%%"	rundll32.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\_cf9b4eb5\eae10f9d\e46c271e = "///%"	rundll32.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\_cf9b4eb5\eae10f9d\060df2cd = "c/Ay/XZ/b/Ak/YV/HPAh/Xt/cxAu/B2/HPAj/XF/al////%%"	rundll32.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\_cf9b4eb5\eae10f9d\51d2f2ea = "PPAl/Y//GPAj/XP/QxA+/X2/Fl////%%"	rundll32.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\_cf9b4eb5\eae10f9d\7367429f = "///%"	rundll32.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\_cf9b4eb5\eae10f9d	rundll32.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\_cf9b4eb5\eae10f9d\1520c6f1 = "V/////%%"	rundll32.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\_cf9b4eb5\eae10f9d\2d71d5ab = "V/////%%"	rundll32.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\_cf9b4eb5\eae10f9d\6185d035 = "Vx/2/Cx/V//l////"	rundll32.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\_cf9b4eb5\00000000\a47da861 = 6f00300031004f0030003700780030006d00300030004b0030003200450030006100550031002b0030003600340030006d00550031004a0030003600710030006e00550031004d00300036004f0030007100780031004f0030003200490030006f0078003100530030003600710030006e0055003000540030003700740030006e006c003100440030003600490030006d00550031004f0030003600340030006e00300031005900300032004500300000006f00300031004f0030003700780030006d00300030004b0030003200450030006100550031005a0030003700680030006e0078003100440030003700380030006d006c0031005400300037003800300071006c0031005400300037006c00300061006c00310053003000360074003000690030003000540030003700740030006e006c003100440030003600490030006d00550031004f0030003600340030006e00300031005900300032004500300000006f00300031004f0030003700780030006d00300030004b0030003200450030006100550031004f00300036006c0030007000780031005a0030003600680030006d006c0031004d0030003600450030006d006c003100660030003600450030006a0030003000530030003600490030007000780031004f003000320045003000690078003100530030003600680030006e006c0031004e00300037007800300071007800310059003000360055003000610055003000250000006f00300031004f0030003700780030006d00300030004b00300032004500300061005500310067003000360034003000710055003100430030003600740030007000300031004f0030003700680030006d00300031002b0030003700620030006f00300031005400300037003000300061006c003100670030003600450030006e0078003000540030003700740030006e006c003100440030003600490030006d00550031004f0030003600340030006e00300031005900300032004500300000006f00300031004f0030003700780030006d00300030004b0030003200450030006100550031005a0030003700680030006d006c0031002b0030003700620030006e0055003100500030003700380030007100550031002b0030003700620030006900300031004a003000370030003000700078003000530030003600490030007000780031004f003000320045003000690078003100530030003600680030006e006c0031004e00300037007800300071007800310059003000360055003000610055003000250000006f00300031004f0030003700780030006d00300030004b0030003200450030006100550031004d0030003600740030006d0055003100540030003700740030006d006c003100670030003600740030006d00550031004f0030003700680030006d00300031002b0030003200490030006f0078003100530030003600710030006e0055003000540030003700740030006e006c003100440030003600490030006d00550031004f0030003600340030006e00300031005900300032004500300000006f00300031004f0030003700780030006d00300030004b0030003200450030006100550031004d0030003600740030006d0055003100540030003700740030006d006c003100670030003600740030006d00550031004f0030003700680030006d00300031002b0030003200490030006e006c0031002b003000370078003000610055003100500030003600490030006f007800310053003000370062003000690030003100650030003600550030006e00300030005400300030002500250000006f00300031004f0030003700780030006d00300030004b0030003200450030006100550031004d0030003600740030006d0055003100540030003700740030006d006c003100670030003600740030006d00550031004f0030003700680030006d00300031002b0030003600450030006e006c003100590030003600680030006e006c0031002b0030003200490030006e006c0031002b003000370078003000610055003100500030003600490030006f007800310053003000370062003000690030003100650030003600550030006e00300030005400300030002500250000006f00300031004f0030003700780030006d00300030004b0030003200450030006100550031004f00300036006c0030007000780031004d0030003600740030006d0055003100540030003700740030006d006c003100670030003600740030006d00550031004f0030003700680030006d00300031002b0030003200490030006e006c0031002b003000370078003000610055003100500030003600490030006f007800310053003000370062003000690030003100650030003600550030006e00300030005400300030002500250000006f00300031004f0030003700780030006d00300030004b003000320045003000610055003100500030003600490030006f0078003100560030003700740030007000780031004e003000360074003000690030003000530030003600680030006e006c00310041003000360045003000610055003100500030003600490030006f007800310053003000370062003000690030003100650030003600550030006e00300030005400300030002500250000000000	rundll32.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\_cf9b4eb5\eae10f9d\27ddcf6f = "///%"	rundll32.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\_cf9b4eb5\eae10f9d\72758a5d = "///%"	rundll32.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\_cf9b4eb5\eae10f9d\f0bf0bde = "///%"	rundll32.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\_cf9b4eb5\00000000	rundll32.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\_cf9b4eb5\eae10f9d\37b7a6d8 = "UlAr/XJ/c//k////"	rundll32.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\_cf9b4eb5\eae10f9d\a2e3b941 = "///%"	rundll32.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\_cf9b4eb5\eae10f9d\e8f9dcc7 = "UlAr/XJ/c//k////"	rundll32.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\_cf9b4eb5\00000000\3efeb33e = 00000000	rundll32.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\AppDataLow	rundll32.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE	rundll32.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\_cf9b4eb5\eae10f9d\a1dcff5b = "V/////%%"	rundll32.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\_cf9b4eb5\eae10f9d\3c09c42b = "///%"	rundll32.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\_cf9b4eb5\eae10f9d\bbf88800 = "///%"	rundll32.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\_cf9b4eb5\eae10f9d\d94388d2 = "HPAj/XF/HPAj/Xt/c/A3/Y//alAg/Xt/c/Ap/YF/GP/j/Yx/dPA4////"	rundll32.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\_cf9b4eb5\eae10f9d\fe94ce1e = "V/////%%"	rundll32.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\_cf9b4eb5\eae10f9d\38583bc3 = "Ml/2/CF/M//g/CZ////%"	rundll32.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

Processes:

rundll32.exerundll32.exe

pid	process
3800	rundll32.exe
3800	rundll32.exe
3800	rundll32.exe
3800	rundll32.exe
3800	rundll32.exe
3800	rundll32.exe
3800	rundll32.exe
3800	rundll32.exe
1464	rundll32.exe
1464	rundll32.exe
1464	rundll32.exe
1464	rundll32.exe

Suspicious use of WriteProcessMemory 9 IoCs

Processes:

rundll32.exerundll32.exerundll32.exe

description	pid	process	target process
PID 4076 wrote to memory of 3800	4076	rundll32.exe	rundll32.exe
PID 4076 wrote to memory of 3800	4076	rundll32.exe	rundll32.exe
PID 4076 wrote to memory of 3800	4076	rundll32.exe	rundll32.exe
PID 3800 wrote to memory of 2796	3800	rundll32.exe	rundll32.exe
PID 3800 wrote to memory of 2796	3800	rundll32.exe	rundll32.exe
PID 3800 wrote to memory of 2796	3800	rundll32.exe	rundll32.exe
PID 1932 wrote to memory of 1464	1932	rundll32.exe	rundll32.exe
PID 1932 wrote to memory of 1464	1932	rundll32.exe	rundll32.exe
PID 1932 wrote to memory of 1464	1932	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\db1773d4d893fc155715bab87a74ee13daf7f2ab8330109f794b4520662cb6b5.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4076

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\db1773d4d893fc155715bab87a74ee13daf7f2ab8330109f794b4520662cb6b5.dll,#1
2⤵
- Blacklisted process makes network request
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3800

C:\Windows\SysWOW64\rundll32.exe
"C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\AppendFunc\AppendFunc.dll",serv -install
3⤵
- Loads dropped DLL
PID:2796

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\AppendFunc\AppendFunc.dll",serv
1⤵
- Suspicious use of WriteProcessMemory
PID:1932

C:\Windows\SysWOW64\rundll32.exe
"C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\AppendFunc\AppendFunc.dll",serv
2⤵
- Loads dropped DLL
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
PID:1464

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

1

T1012

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\??\c:\Program Files (x86)\AppendFunc\AppendFunc.dll
MD5
c82e5ec1f5966dcedacca3f586d56688

SHA1
f2bbea2aeb5b348dff177d5351e7c499d6003a9d

SHA256
db1773d4d893fc155715bab87a74ee13daf7f2ab8330109f794b4520662cb6b5

SHA512
0fd19f49d76e2cbfd40858dcc1c22877a364af132b4da661eee61cf06569b9d2bbd8aaf6c9d3708e545fb23fd68c6e5d41898dae12d9ac7859b7ee52cfdf47e2

Download Submit
\Program Files (x86)\AppendFunc\AppendFunc.dll
MD5
c82e5ec1f5966dcedacca3f586d56688

SHA1
f2bbea2aeb5b348dff177d5351e7c499d6003a9d

SHA256
db1773d4d893fc155715bab87a74ee13daf7f2ab8330109f794b4520662cb6b5

SHA512
0fd19f49d76e2cbfd40858dcc1c22877a364af132b4da661eee61cf06569b9d2bbd8aaf6c9d3708e545fb23fd68c6e5d41898dae12d9ac7859b7ee52cfdf47e2

Download Submit
\Program Files (x86)\AppendFunc\AppendFunc.dll
MD5
c82e5ec1f5966dcedacca3f586d56688

SHA1
f2bbea2aeb5b348dff177d5351e7c499d6003a9d

SHA256
db1773d4d893fc155715bab87a74ee13daf7f2ab8330109f794b4520662cb6b5

SHA512
0fd19f49d76e2cbfd40858dcc1c22877a364af132b4da661eee61cf06569b9d2bbd8aaf6c9d3708e545fb23fd68c6e5d41898dae12d9ac7859b7ee52cfdf47e2

Download Submit
\Program Files (x86)\AppendFunc\AppendFunc.dll
MD5
c82e5ec1f5966dcedacca3f586d56688

SHA1
f2bbea2aeb5b348dff177d5351e7c499d6003a9d

SHA256
db1773d4d893fc155715bab87a74ee13daf7f2ab8330109f794b4520662cb6b5

SHA512
0fd19f49d76e2cbfd40858dcc1c22877a364af132b4da661eee61cf06569b9d2bbd8aaf6c9d3708e545fb23fd68c6e5d41898dae12d9ac7859b7ee52cfdf47e2

Download Submit
\Program Files (x86)\AppendFunc\AppendFunc.dll
MD5
c82e5ec1f5966dcedacca3f586d56688

SHA1
f2bbea2aeb5b348dff177d5351e7c499d6003a9d

SHA256
db1773d4d893fc155715bab87a74ee13daf7f2ab8330109f794b4520662cb6b5

SHA512
0fd19f49d76e2cbfd40858dcc1c22877a364af132b4da661eee61cf06569b9d2bbd8aaf6c9d3708e545fb23fd68c6e5d41898dae12d9ac7859b7ee52cfdf47e2

Download Submit
memory/1464-8-0x0000000000000000-mapping.dmp

Download
memory/1464-11-0x000000007EAF0000-0x000000007EE45000-memory.dmp

Filesize
3.3MB

Download
memory/1464-10-0x00000000005F0000-0x00000000005F1000-memory.dmp

Filesize
4KB

Download
memory/2796-3-0x0000000000000000-mapping.dmp

Download
memory/2796-7-0x000000007E2A0000-0x000000007E5F5000-memory.dmp

Filesize
3.3MB

Download
memory/2796-6-0x00000000009E0000-0x00000000009E1000-memory.dmp

Filesize
4KB

Download
memory/3800-0-0x0000000000000000-mapping.dmp

Download
memory/3800-2-0x000000007E5F0000-0x000000007E945000-memory.dmp

Filesize
3.3MB

Download
memory/3800-1-0x0000000000B20000-0x0000000000B21000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads